Wednesday, April 23, 2014

Due to a programming error, some Android applications were protected from Heartbleed - Open Systems

Some applications

Android, which was thought to be vulnerable because of errors Heartbleed, actually reserved – thanks to another error: in the library implementation support OpenSSL.

Among FireEye spent 54 thousand scan . applications from Google Play, to find out which of them are vulnerable because Heartbleed. In Google say that most Android platform in connection with breaches Heartbleed not, but in some games and FireEye Office applications have recognized the potentially vulnerable because they use their own OpenSSL library instead of the built in Android. Friendly game against vulnerable carried out using Heartbleed, may allow a OAuth token and use it to capture the account in the game or in social networks to which it is bound, it is believed to FireEye.

more detailed analysis of supposedly vulnerable office applications showed the presence of many of these errors are due to which the function call SSL in reality they are called from the library built into Android, and not of his own, the researchers report.

According to FireEye, of about two dozen programs in Google Play, checking the system’s vulnerability to Heartbleed, only six scanning application, and not all of them are vulnerable.